cryptomator-webdav
cryptomator-webdav
Docker app from beastieg's Repository
Overview
Cryptomator WebDAV allows you to serve a locally stored Cryptomator vault over a secure WebDAV (https) connection, allowing access to decrypted files through third party WebDav tools such as rclone, Mountain Duck, CyberDuck etc.
Setting the Cryptomator Vault Password:
The password for the vault can either be set directly through the Cryptomator Vault Password variable, or can be stored in a local file and shared through the Cryptomator Vault Password File setting.
Only one is needed.
Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/vault.pass'
Optional Signed Certificate:
An optional signed certificate can be passed to the container, e.g. from LetsEncrypt.
Set the "Optional: Signed Certificate" variable to the full path of your certificate file, containing both your cert and the key in one .pem file.
Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/mycert.pem'
File Permissions:
Cryptomator-webdav runs as UID:99, GID:100 by default. This can be changed through the CRYPTOMATOR_UID and CRYPTOMATOR_GID variables.
Ensure vault files are read and writable by the IDs you set.
Ensure any vault password file provided is readable by these IDs.
More Secure File Permissions:
Most Unraid Community Applications containers run as UID:99, GID:100
In theory this would mean a rouge container could have read access to your encrypted files if the vault was shared with it.
To ensure a slightly more secure installation, it is recommended the container application is run as a separate Unraid user id, and vault files are only accessible by this user.
For example:
- Set CRYPTOMATOR_UID to your Unraid user id, e.g. 1000
- Ensure all vault files are only readable and writable by this user:
- chown -R 1000: /path/to/cryptomator/vault
- chmod -R u+rwX,g-rwx,o-rwx /path/to/cryptomator/vault
See the Cryptomator WebDAV github project for more details at https://github.com/greycubesgav/cryptomator-webdav
More details about Cryptomator can be found at https://cryptomator.org
Requirements
The native Cryptomator application (https://cryptomator.org/downloads/) should be used to create a new vault.
Then copy the entire vault directory and all sub-directories and files over to Unraid.
The decrypted vault files can then be edited through greycubesgav/cryptomator-webdav.
Runtime arguments
- Web UI
https://[IP]:[PORT:8443]/vault/- Network
bridge- Shell
sh- Privileged
- false
Template configuration
Port the Cryptomator WebDAV share will be available at.
- Target
- 8443
- Default
- 18081
The location of the local Cryptomator vault files.
- Target
- /vault
- Default
- /mnt/cryptomator_vault
The Cryptomator password for the vault. Note: is visible in docker env. Use password file for more secure option.
- Target
- CRYPTOMATOR_VAULT_PASS
- Default
- strongpass
Optionally set the location of a local file containing the Cryptomator vault password.
- Target
- /vault.pass
- Default
- /mnt/user/appdata/cryptomator-webdav/vault.pass
Optional: A fully signed cert with key embeded to be used by stunnel. e.g. /mnt/user/appdata/cryptomator-webdav/mycert.pem
- Target
- /etc/stunnel/stunnel.pem
User ID to run cryptomator-cli as
- Target
- CRYPTOMATOR_UID
- Default
- 99
Group ID to run cryptomator-cli as
- Target
- CRYPTOMATOR_GID
- Default
- 100
Umask run cryptomator-cli as. Helps protect any new files created from loose permissions.
- Target
- CRYPTOMATOR_UMASK
- Default
- 0077
Download Statistics
Details
greycubesgav/cryptomator-webdavRun cryptomator-webdav on Unraid.
cryptomator-webdav is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.